Solved

Socks 4, 5 - Wingate Proxy

Posted on 2004-10-07
Last Modified: 2012-06-21
This sucks :(

Got a call from my T1 provider today and it seems that my server (Win 2003 Enterprise) has been hacked...  Ports 23 & 1080 are showing Socks 4 & 5 and Wingate Proxy vulnerabilities, and my SPAM abuse rating is at 4.5 per senderbase.org.  I am not purposefully running a proxy server, I am running the basic firewall in Routing and Remote Access, and only have a few ports open, of which 25 & 1080 are not open in RaRAS.

This server is a multiple occupancy building where everyone shares the same T1 and just uses different local IPs (eg: 192.168.20.x, 192.168.30.x, etc.).  So I am assuming that the hack came from one of the other IP blocks via the internet because I am using Group Policy to lock up what functions I don't want the user to have.

So...  now that you guys have the background, what should I do?  I have a Sonicwall Pro 200 I can put in place, but would rather use a software solution as I am not a fan of hardware firewalls.  They are cumbersome and hard to maintain from remote.  Also I need to protect the inside of the LAN from the other IP ranges.  I am considering MS ISA Server, but would rather get the opinion of you guys first...  Thanks :)
Question by:mikemaner
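
Added example (not part of the original thread): when a scan reports ports 23 and 1080 answering as proxies although the RRAS firewall does not list them as open, a common first check on the server is to map those listeners to the process that owns them. The sketch below parses `netstat -ano` output; the sample text, PIDs and addresses are constructed for illustration and the function names are hypothetical.

```python
import re

# Ports flagged in the question: 23 (WinGate telnet proxy) and 1080 (SOCKS 4/5).
PROXY_PORTS = {23: "WinGate/telnet proxy", 1080: "SOCKS 4/5"}

# Constructed sample of `netstat -ano` output (not from the poster's server).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       2988
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING       2988
  TCP    127.0.0.1:1080         0.0.0.0:0              LISTENING       3100
  TCP    192.168.20.1:3389      0.0.0.0:0              LISTENING       840
  TCP    192.168.20.1:1080      203.0.113.7:4411       ESTABLISHED     2988
  UDP    0.0.0.0:53             *:*                                    1200
"""

# One TCP row: local addr:port, foreign addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\S+)\s+(\w+)\s+(\d+)\s*$")

def parse_netstat(text):
    """Return one dict per TCP row; headers and UDP rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            laddr, lport, raddr, _rport, state, pid = m.groups()
            rows.append({"laddr": laddr, "lport": int(lport),
                         "raddr": raddr, "state": state, "pid": int(pid)})
    return rows

def audit(text, watched=PROXY_PORTS):
    """Group network-reachable sockets on watched ports by (PID, port)."""
    findings = {}
    for r in parse_netstat(text):
        # Loopback-only listeners are not reachable from other subnets.
        if r["lport"] not in watched or r["laddr"].startswith("127."):
            continue
        f = findings.setdefault((r["pid"], r["lport"]),
                                {"service": watched[r["lport"]],
                                 "listening": False, "clients": set()})
        if r["state"] == "LISTENING":
            f["listening"] = True
        elif r["state"] == "ESTABLISHED":
            f["clients"].add(r["raddr"])  # remote peers using the port
    return findings

if __name__ == "__main__":
    for (pid, port), f in sorted(audit(SAMPLE_NETSTAT).items()):
        print(pid, port, f["service"], f["listening"], sorted(f["clients"]))
```

Each reported PID can then be looked up with `tasklist /svc /fi "PID eq <pid>"` to see which executable or service holds the socket.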
10 Comments
 
LVL 15

Expert Comment

by:plimpias
ID: 12255499
OK..this question you have is subjective. From my opinion..keep in mind I used to love ISA..because of packet filtering and how you can specify things down to the packet level. But think about the big picture. With ISA 2000 there were several exploits that made the firewall vulnerable...OK, what? A firewall vulnerable..what a joke. Second, how many patches did Microsoft come out with? 20 plus? And 2 service packs! Wow..lots of mistakes. Third, ISA takes way too much memory and processor speed from your computer. Fourth, to run ISA correctly Microsoft recommends using ISA on a dedicated computer..(more money). OK, so you get the point. For 1400 bucks you can get yourself a nice little PIX firewall..if you want remote access, enable a telnet user name and password. Just set it and forget it..no maintenance..no downtime..just a nice little hardware firewall doing its thing. I really recommend a firewall solution. SonicWall is also a good firewall but it's not one of my top choices. I would go with a Cisco PIX firewall, or a WatchGuard firewall, then make other choices. Both PIX and WatchGuard can be remotely administered. With the situation that you have..first update your server with all critical updates. Make sure all of them are installed. Go to GRC.com and run ShieldsUp to make sure you don't have extra ports open. Do a full antivirus system scan and run fix tools if some are found and can't be fixed. GET a hardware firewall solution..

if you have any questions...let me know.
 

Author Comment

by:mikemaner
ID: 12262915
Well, I have 2 options at this point (a PIX Firewall won't work in this situation unfortunately)...  I can either set up ISA on the existing AD or I can set up a Linux box and run Squid.

I personally would rather run ISA, just because I have tried to stay in the Microsoft envelope on this job.  But I have no experience in setting it up and if my assumptions are correct, it's not an easy job to set up ISA on an existing DC, it wants to be on its own.  So, if there's any help out there on how to set up ISA I would be greatly in your debt :)
 
LVL 15

Expert Comment

by:plimpias
ID: 12264488
OH yeah not a problem. http://www.isaserver.org/ has awesome tutorials for this. You can find anything that has to do with ISA.
 

Author Comment

by:mikemaner
ID: 12264577
I have actually looked there, and unless I'm just pulling a stupid I haven't seen any step by step guides.
 
LVL 15

Expert Comment

by:plimpias
ID: 12264828
Yeah, you're pulling a stupid then. They have all the tutorials. Just need to search for what you are looking for.
 

Author Comment

by:mikemaner
ID: 12290435
DOH! I just can't figure out what I'm doing wrong here.  I can get it installed fine, but it won't connect to the AD, and DNS & RAS don't work either.  I know you're not technically supposed to do an ISA install on your primary DC, but it's really the only option I have...  Any ideas?
 
LVL 15

Expert Comment

by:plimpias
ID: 12293569
Are you using ISA 2004? 'Cause that install is a little different than 2000.
 

Author Comment

by:mikemaner
ID: 12293656
Yep, using ISA 2004 on Windows Server 2003 Enterprise Edition, running DC, DHCP, RaRAS, DNS (Root Hints, no Forwarders).  Pretty standard install.
 
LVL 15

Accepted Solution

by:
plimpias earned 500 total points
ID: 12293865
Ahh...you have to add a policy to allow local host to your internal network, allow always, and do the same with the internal network to the local host.
 

Author Comment

by:mikemaner
ID: 12303751
Could you elaborate on that a bit?  I'm a bit confused :)